What is a Botnet?

Botnets are evolving and IoT is not being helpful. It’s been just over a year since we first saw Mirai, a botnet that took over IoT (Internet of Things) devices using a default password list of just over 60 and this is not the last time we will see a massive Botnet leveraging the lax security practices of many IoT device manufactures. The security research and firewall company Check Point has discovered a massive new Botnet known as “Reaper” which has been “evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016”.

Mirai and Reaper have some similarities in that they are both worms, moving between impacted or vulnerable devices and amassing a large following of network devices that can be used to carry out attacks like the massive attack against Dyn, a New Hampshire based DNS provider back in 2016 that affected access to many major websites including Twitter, Spotify, and Reddit. Reaper also seems to have adopted some of Mirai’s source code. Unlike Mirai however, Reaper leverages at least nine known security vulnerabilities across nearly a dozen different device makers, including AVTECH, D-Link, GoAhead, Netgear, and Linksys, among others – Mirai used default and sometimes hardcoded passwords that could not be changed at all.

Why the continuous and unrelenting attacks against IoT devices? Infrequent, difficult and risky patching, P2P functionality, insecure services, default credentials not being changed and even hard-coded passwords set in the factory. All of these things and more make IoT devices ripe for exploitation, but why would anyone want to hack your smart refrigerator or your light bulbs? With a culture that is seemingly obsessed with connecting absolutely everything to the internet, these new and mostly unsecured smart-toasters make great pivot points into other computer systems and can be leveraged to unleash DDoS attacks or to build a distributed proxy or anonymity network, or, all of the above. Most of the time a user will not be able to tell that there is anything wrong with their device, it can sit in the corner unpatched and out-of-mind for a long time without being discovered as infected.

Security Researchers do not yet know what the Reaper botnet is planned to do but I think it’s safe to assume that the botnet author won’t be using it to try and improve Netflix buffer times, it is most certainly malicious in nature. Contact Thrive to learn more.